Good security practice would be to encrypt the data in transit using an IPSEC VPN and to encrypt the data at rest using something like PGP.

The VPN will secure it between sites so if anyone sniffs the traffic they cannot read it. Using something like PGP will ensure the data cannot be interpreted should the disks be read via malware or storage theft.

There are risks with securing the data at rest. You must keep the key material securely and possibly for many years. The time it takes to encrypt and decrypt the data could have impact on things like recovery time.

Can I ask what sort of data it is? You may be bound by some legal obligation to secure it.